|Preferred GIAC Certifications||GCLD, GCIH, GCIA|
Experian is the world’s leading global information services company. During life’s big moments – from buying a home or a car, to sending a child to college, to growing a business by connecting with new customers – we empower consumers and our clients to manage their data with confidence. We help individuals to take financial control and access financial services, businesses to make smarter decisions and thrive, lenders to lend more responsibly, and organizations to prevent identity fraud and crime.
We have 20,000 people operating across 44 countries and every day we’re investing in new technologies, talented people, and innovation to help all our clients maximize every opportunity.
Experian, a global leader in providing information solutions to organizations and consumers, is seeking a highly motivated Senior Cyber Security Analyst to join our Global Security team at our Costa Rica’s facility.
As a member of Experian’s Global Security Office (EGSO) / Global Cyber Incident Response Team, (GCIRT) this individual will respond, contain, escalate, investigate, and coordinate mitigation of security events relative to anomalies detected and escalated by the Global Security Operations Center (GSOC) according to Experian’s Incident Response Plan. The member will respond and analyze security incidents involving threats targeting Experian information assets. These threats may include phishing, malware, network attacks, suspicious activity, etc. In addition, this position will involve working with end-users, stakeholders, technical support teams, and management to ensure proper remediation and recovery from these threats. Leverages analytical skills using data collected from endpoints, environmental logging, and a variety of other sources to maximize containment and eradication of threats, while expediting recovery of the business. This role requires cloud incident response experience.
Key Responsibilities Include:
The Senior Analyst executes Operational Processes and Procedures as a matter of daily responsibility. The role is the detailed and repeatable execution of all operational tasks which are documented in the Wiki and Incident Response Plan.
Respond to Security to cyber security events and alerts associated to threats, intrusions, and/or compromises per SLO.
Effectively manages multiple cases related to security incidents throughout the incident response lifecycle; including Analysis, Containment, Eradication, Recovery, and Lessons Learned.
Identifies best methods to contain, eradicate, and recover from a wide variety of security incidents. Provides recommendations to proactively prevent incidents from re-occurring in the future.
Coordinates successful conclusion of security incidents according to Process & Procedures. Escalates severe incidents according to Experian’s Incident Response Plan.
Maintains all case documentation, including notes, analysis findings, containment steps, and root cause for each assigned security incident.
Maintains a foundational understanding of common Operating Systems (Windows, Linux, Mac OS), Networking (Firewalls, Proxies, etc.), and Security Technologies (Anti-Virus, Intrusion Prevention, etc.)
Interprets device and application logs from a variety of sources (e.g. Firewalls, Proxies, Web Servers, System Logs, Splunk, Packet Captures, etc.) to identify root cause and determine next steps for containment, eradication, and recovery.
Follow all documented GCIRT playbooks, standards, processes, and procedures (GCIRT xWiki). All cases owned by an Analyst shall be well documented in accordance with GCIRT standards.
Frequently attend and participate in the GSOC Weekly Lessons Learned Meetings. Contribute at least two (2) items to the GSOC Weekly Meeting Lessons Learned per Month.
Maintain GCIRT Shift Logs for period worked. Verify Shift Logs are completed and accurate by L1 analysts.
All assigned security incidents must be reviewed, updated, and documented at least every (3) business days. Coordinate coverage for any cases which need update while out on leave or holiday.
Incident updates or contact with end user to be done every 24 hours and documented case notes.
Maintain assigned case load and efficiently move incidents through each phase of the IR Lifecyle with a goal to complete cases within 5 business days.
Follow case hand-off procedure, assisting other GCIRT Team Members with their case-load while they are off-shift.
Provide Advanced Support as needed to other GCIRT Analysts (Logs review, IP Block question). Mentor other GCIRT analyst when required (process question, tool usage)
Leads local resources to ensure team meets SLOs and follows Incident Response Process, Procedures & Playbooks.
Supports overall direction for the GCIRT and input to the overall security strategy.
Schedule: Wednesday, Thursday, Friday & alternating Saturdays, 6am - 7pm Central Time
Bachelor’s Degree in Computer Science, Computer Engineering, Information Security or a related field.
5+ years of experience working within a Security Operations Centers or Cyber Security Incident Response Teams may be accepted in lieu of this education requirement.
Demonstrate knowledge of Incident Response and Investigative Methodology.
Proven work experience in at least one Cloud platform (Azure, AWS, GCP).
Demonstrate critical thinking skills, analytical expertise, attention to detail, and ability to function in a fast-paced environment.
Preferred to have at least one certification involving incident response, ethical hacking, or cyber security (i.e. GCIH, GCFR, E|CEH, E|CIH etc.)
Preferred to have at least one certification involving digital forensics (i.e. GCFE, EnCE)
Ability to exhibit skills using common Incident Response and Security Monitoring applications such as SIEM (Splunk), EDR (FireEye HX, CrowdStrike Falcon, McAfee mVision EDR, etc.), WAF, IPS, etc.
Must have competent English speaking, reading, and writing skills. The ability to explain technical terminology to the lay person is frequently required.
Must work well with a global team-oriented environment and has flexibility to work a shift schedule (including nights and weekends).
Candidate must be self-motivated and capable of working with little supervision.
Our benefits include: Medical, life and dental insurance, Asociación Solidarista, International Share Save Plan, Flex Work/Work from home, Paid time off, Annual Performance Bonus, Education Reimbursement, Family Bonding, Bereavement Leave, Referral Program, and more.
Experian Careers - Creating a better tomorrow together
Find out what its like to work for Experian by clicking here
Experian is proud to be an Equal Opportunity and Affirmative Action employer. Our goal is to create a thriving, inclusive and diverse team where people love their work and love working together. We believe that diversity, equity and inclusion is essential to our purpose of creating a better tomorrow. We value the uniqueness of every individual and want you to bring your whole, authentic self to work. For us, this is The Power of YOU and it ensures that we live what we believe.